Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handling Encrypted Packet Splitting in PHP Swoole #5267

Open
moradi-morteza opened this issue Mar 3, 2024 · 1 comment
Open

Handling Encrypted Packet Splitting in PHP Swoole #5267

moradi-morteza opened this issue Mar 3, 2024 · 1 comment

Comments

@moradi-morteza
Copy link

I am currently developing a TCP server using PHP Swoole and implementing a backend based on the MTProto protocol. In this setup, clients send an initial packet structured as {[Key, IV] + [Data Length] + [Data]}, where both the data length and data are encrypted.

Upon receiving this, the server utilizes the provided key and IV to decrypt the data length, enabling it to understand and segregate the incoming data accordingly. Moreover, the server is designed to generate an AES-CTR encryption key from this initial packet, which is then employed to decrypt subsequent packets.

However, I'm facing challenges with the nature of encrypted packet length as the server requires the decryption key in advance to determine the split points for incoming packets. This scenario is managed in Swoole by setting open_length_check to false and customizing the package_length_func for packet splitting. My main issue arises with retaining and utilizing the initial decryption key for processing future packets, as I haven't found a way to efficiently store this key post its initial receipt.

I seek advice or solutions on the following:

Strategies for effectively saving and reusing the decryption key obtained from the first packet.
Best practices for managing the decryption and splitting of encrypted packets in a PHP Swoole environment, especially under the constraints of the MTProto protocol.
Any insights, examples, or guidance on tackling these issues would be greatly appreciated.

Thank you in advance for your assistance.
@deminy
Copy link
Member

deminy commented Mar 6, 2024

Strategies for effectively saving and reusing the decryption key obtained from the first packet.

There are different ways. In the old days you can store it to a dynamic property on the Server object; however, since dynamic property is deprecated in PHP, this option is no longer recommended. Another quick way to do it is with Swoole Table or APCu. You can check this examaple on how to use APCu with Swoole.

Best practices for managing the decryption and splitting of encrypted packets in a PHP Swoole environment, especially under the constraints of the MTProto protocol.

If these operations take time and slow down the TCP server, you can add task worker processes to the server and use them to handle CPU-intensive tasks (e.g., decryption/encryption). By doing this, the TCP server can still handle new incoming requests while busy decrypting/encrypting packets for other requests. Here is a quick example. The example uses an HTTP server, but the ideas are of the same.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@deminy @moradi-morteza